15 matches found
EUVD-2005-3771
Malware in sbrugna...
EUVD-2024-34992
Malicious code in bioql PyPI...
RepuNet: a Reputation System for Mitigating Malicious Clients in DFL
Decentralized Federated Learning DFL enables nodes to collaboratively train models without a central server, introducing new vulnerabilities since each node independently selects peers for model aggregation. Malicious nodes may exploit this autonomy by sending corrupted models model poisoning,...
CVE-2024-34695
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
Bykea: Lack of Feedback Validation Permits Arbitrary Driver Ratings
The vulnerability discovered by @bugbountywithmarco in Bykea's feedback system allowed authenticated passengers to submit feedback for drivers they had not actually ridden with. The exploit was limited to trips the attacker legitimately owned, and each trip could only affect one driver rating at ...
CVE-2024-34695
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
CVE-2024-34695
Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the"create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
Improper Access Control
github.com/ipfs/kubo/ is vulnerable to Improper Access Control. The vulnerability is due to the ability of an attacker to generate ephemeral identities, allowing them to exploit the IPFS connection management reputation system. This enables the attacker to poison other nodes' routing tables,...
Yahoo Touts Success of Bug Bounty Program
Yahoo established its formal bug bounty program nearly two years ago, and the company has paid out more than $1 million in rewards to researchers in that time. But security officials say the value the program has provided to the company has been just as great. Although Yahoo was among the latter...
HackerOne: Logical Issue (Boosting Reputation points)
Hello, This bug is a design flaw in the reputation system. Simply, when a bug is resolved +7 is added to the user's account. When bounty is awarded then the reputation points are calculated based on standard deviation from the program's mean. I found these here --- You gain reputation when: Your...
CVE-2005-3776
Multiple cross-site scripting XSS vulnerabilities in MyBulletinBoard MyBB 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via 1 the subject field when creating a new thread and 2 information passed to the Reputation system...
CVE-2005-3776
CVE-2005-3776 affects MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 with XSS vulnerabilities in (1) the thread creation subject and (2) the Reputation system input. The root cause is provided as multiple XSS flaws allowing remote attackers to inject arbitrary script/HTML; specifics on versions, affected...
CVE-2005-3776
Multiple cross-site scripting XSS vulnerabilities in MyBulletinBoard MyBB 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via 1 the subject field when creating a new thread and 2 information passed to the Reputation system...
Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)
Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the...